Gone live

James Pattinson
2025-12-07 15:02:51 +00:00
parent 3780b3cf2f
commit 4d71d59d90
10 changed files with 542 additions and 401 deletions


@@ -29,9 +29,19 @@ http {
root /usr/share/nginx/html;
index index.html;
# Allow ppr.html to be embedded in iframes from any origin
location = /ppr.html {
add_header X-Frame-Options "ALLOWALL" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors *" always;
add_header X-Content-Type-Options "nosniff" always;
try_files $uri =404;
}
# Serve static files
location / {
try_files $uri $uri/ /index.html;
# Apply X-Frame-Options to other files
add_header X-Frame-Options "SAMEORIGIN" always;
}
# Proxy API requests to FastAPI backend
@@ -56,10 +66,10 @@ http {
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# Default CSP for other files
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'" always;
}
}
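Review bot: The `add_header X-Frame-Options "SAMEORIGIN" always;` inside `location /` stops that location from inheriting any `add_header` from the enclosing level, because nginx inherits these directives only when the current level defines none. The server block opens outside both hunks and indentation is lost here, so this is inferred: if the "Security headers" block in the second hunk sits at server level, static files served by `location /` lose `X-Content-Type-Options`, `Referrer-Policy` and the new `frame-ancestors 'self'` CSP. Dropping that line from `location /` keeps the server-level set, which already sends `SAMEORIGIN`. In `location = /ppr.html`, `ALLOWALL` is not a defined X-Frame-Options value and browsers ignore it, so that header can be removed and `frame-ancestors` alone decides framing. `frame-ancestors *` lets any site frame the page, so if ppr.html exposes state-changing controls, list the embedding origins instead, e.g. `frame-ancestors 'self' https://EMBEDDER.example` (placeholder origin).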